Data Protection laws are changing. You may have already heard of the GDPR or General Data Protection Regulation which will take effect from the 25th of May 2018. The GDPR is a new piece of legislation from the European Union which will replace the UK Data Protection Act or DPA (1998). The majority of personal information used by businesses will be subject to the GDPR so it will be difficult for companies to avoid complying with the new legislation.
The General Data Protection Regulation will also change the way that organisations such as ourselves can collect data. The legislation will require us to be able to prove that we have consent when collecting personal data. In order to obtain valid permission, we will ensure that the language we use is easy to understand when requesting consent from an individual to collect personal data.
Any personal data that we collect will only be shared with employees within our company and any third parties that we may work with during projects including partners and subcontractors. We will however, ensure that clients are made aware of any third party working with us on the project with whom we may need to share personal data with. Personal data will also used in our email database unless consent is withdrawn. The personal data that we hold will only be used to distribute email campaigns such as newsletters or offers and events that we believe the individual may be interested in.
Under the General Data Protection Regulation, organisations such as ourselves will be prohibited from storing data for longer than is necessary and will be required to delete information if requested to do so by the individual. Any requests that we receive will be viewed as a high priority and implemented as soon as possible. Organisations will not be allowed to change the purpose for which they originally collected and used the data. In order to use the data for a different purpose, organisations will be required to attain fresh consent from all of the individuals whose data the change affects. We therefore promise to only use any personal data we collect for the purposes disclosed on this page and will seek fresh consent from the individual before using the personal data for any other purpose.
In addition to the information we have provided, the ICO has created a 12-point plan for businesses to follow in order to comply with the GDPR that you may find useful.